Enable 8021x Globally

switch(config)#

dot1x system-auth-control

■ Enable IEEE 802.1x authentication globally on the switch switch(config)#

dot1x guest-vlan supplicant

■ (Optional) Enable the optional guest VLAN behavior globally on the switch

© 2007 Cisco Systems, Inc. All rights reserved SNRS v2.0—2-24

Enable 802.1x globally on the switch using the following commands:

■ dotlx system-auth-control

This command globally enables IEEE 802.1x authentication on the switch.

■ (Optional) dotlx guest-vlan supplicant

Before Cisco IOS Release 12.1(22)EA2, the switch did not maintain the EAPOL packet history and allowed clients that failed authentication access to the guest VLAN, regardless of whether EAPOL packets had been detected on the interface. Use this command to enable this optional behavior.

2-108 Securing Networks with Cisco Routers and Switches (SNRS) v2.0 © 2007 Cisco Systems, Inc.

0 0

Post a comment